CVE-2011-2894

Security: Chosen commands execution on the server (Framework) or authentication token bypass (Security) by objects de-serialization

Severity Score

6.8

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Spring Framework 3.0.0 through 3.0.5, Spring Security 3.0.0 through 3.0.5 and 2.0.0 through 2.0.6, and possibly other versions deserialize objects from untrusted sources, which allows remote attackers to bypass intended security restrictions and execute untrusted code by (1) serializing a java.lang.Proxy instance and using InvocationHandler, or (2) accessing internal AOP interfaces, as demonstrated using deserialization of a DefaultListableBeanFactory instance to execute arbitrary commands via the java.lang.Runtime class.

Spring Framework v3.0.0 hasta la v3.0.5, v3.0.0 hasta la de Spring Security v3.0.5 y v2.0.0 y v2.0.6, y posiblemente otras versiones permite des-serializar objetos de fuentes no fiables, lo que permite a atacantes remotos eludir las restricciones de seguridad existentes y permite la ejecución de código no seguro (1) serializando una instancia de java.lang.Proxy y mediante el uso de InvocationHandler, o (2) accediendo a las interfaces internas AOP, como se demuestra con la des-serialización de una instancia de DefaultListableBeanFactory para ejecutar código arbitrario a través de la clase java.lang.Runtime.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

Partial

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2011-07-27 CVE Reserved
2011-09-09 CVE Published
2023-03-07 EPSS Updated
2024-08-06 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-502: Deserialization of Untrusted Data

CAPEC

References (10)

URL	Tag	Source
http://osvdb.org/75263	Broken Link
http://securityreason.com/securityalert/8405	Third Party Advisory
http://www.securityfocus.com/archive/1/519593/100/0/threaded	Mailing List
http://www.securityfocus.com/bid/49536	Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/69687	Third Party Advisory
https://web.archive.org/web/20120307233721/http://www.springsource.com/security/cve-2011-2894	X_refsource_misc

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
http://www.redhat.com/support/errata/RHSA-2011-1334.html	2022-07-17
http://www.springsource.com/security/cve-2011-2894	2022-07-17
https://access.redhat.com/security/cve/CVE-2011-2894	2011-09-22
https://bugzilla.redhat.com/show_bug.cgi?id=737611	2011-09-22

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Vmware Search vendor "Vmware"		Spring Framework Search vendor "Vmware" for product "Spring Framework"				>= 3.0.0 <= 3.0.5 Search vendor "Vmware" for product "Spring Framework" and version " >= 3.0.0 <= 3.0.5"		-		Affected
Vmware Search vendor "Vmware"		Spring Security Search vendor "Vmware" for product "Spring Security"				>= 2.0.0 <= 2.0.6 Search vendor "Vmware" for product "Spring Security" and version " >= 2.0.0 <= 2.0.6"		-		Affected